Liferay 6.2 EE SAML SSO - Unable to process SAML request.
https://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=94518870
2024-03-29T11:55:27Z

RE: Liferay 6.2 EE SAML SSO - Unable to process SAML request.
RJ Dowell
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=111019074
2018-09-24T10:09:01Z
<p>Hello</p>
<p>Have you tried the AssureBridge? It provides hosted SAML 2.0 Single
Sign-On. And it also includes a quick way to work with Liferay SSO
Adapter. However, if you work with SAML PHP, then AssureBridge is out
of the question. Here's the post I used for <a
href="https://www.domyhomework4me.net/">domyhomework4me</a><a
href="https://community.liferay.com/blogs/-/blogs/plugin-customization-in-liferay">Plugin Customization</a>.</p>

Liferay 6.2 EE SAML SSO - Unable to process SAML request.
thilak g
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=94518869
2017-09-05T10:49:30Z
Hi All,<br /><br />
Here, I wanted to implement SAML SSO login in Liferay. I followed the tutorial below to configure SAML SSO in Liferay.<br /><br />
<u>Tutorial URL: </u><a href="http://www.xtivia.com/configuring-liferay-6-1-ee-saml-identity-provider-service-provider">http://www.xtivia.com/configuring-liferay-6-1-ee-saml-identity-provider-service-provider</a><br /><br />
From the above tutorial I have taken only the SP (service provider) configuration, because I am considering my application as an SP. The third-party IDP (Identity Provider) shared the following files with me:<br />
1. SP metadata file<br />
2. IDP metadata file<br />
3. client certificate and 3 trust chain certificates.<br /><br />
So, I need to configure all three parameters in Liferay; while sending a request to the IDP I have to pass all three parameters along with the request.<br />
In the given Liferay SAML 2.0 Provider I don't have options to pass extra parameters like (metadata file and keystore).<br /><br />
The steps I did:<br /><br />
Step 1: Deployed Liferay SAML 2.0 Provider.<br />
Step 2: Configured properties in portal-ext properties.<br />
The properties are:<br /><br />
#saml properties<br />
saml.enabled=true<br />
saml.role=sp<br />
saml.entity.id= idp-entity-id<br />
saml.metadata.paths=${liferay.home}/data/metadata<br />
#saml. sp.metadata.file=${liferay.home}/data/metadata/sp-metadata.xml --><u> I don't know whether this property is available or not, but I have to pass this manually created metadata file. It is required for the IDP.</u><br /><br />
##Keystore#<br />
saml.keystore.type=jks<br />
saml.keystore.path=${liferay.home}/data/keystore.jks ---><u> This keystore was manually created, and I imported the certificates they gave into this keystore.</u><br />
saml.keystore.sign.key.alias= aliasname ---> <u>This is the alias name of the certificate which I imported into the keystore. This property was also manually added; I don't know whether it is available or not.</u><br />
saml.keystore.password= password<br />
#saml.keystore.credential.password[samlspdemo]=password<br /><br />
##Service Provider#<br />
saml.sp.default.idp.entity.id=idp-entity-id<br />
#saml.sp.metadata.file=${liferay.home}/data/metadata/sp-metadata.xml -><u> I also added this property manually. It is also required for the IDP.</u><br />
saml.sp.sign.authn.request=true<br />
saml.sp.assertion.signature.required=false<br />
saml.sp.clock.skew=3000<br />
#saml.sp.session.keepalive.url=http://localhost:8080/c/portal/saml/idp/keepalive<br />
saml.sp.user.attribute.mappings=<br /><br />
Step 3: While checking the metadata URL (http://localhost:8080/c/portal/saml/metadata) I am getting the following exception:<br /><br />
<u>Exception :</u> Unable to process SAML request.
<br /><br />
Step 4: While checking the SSO URL (http://localhost:8080/c/portal/login) I am getting the following exception:<br />
<u>Exception:</u><br />
13:42:39,960 ERROR [ajp-bio-8009-exec-10][SamlSpSsoFilter:83] com.liferay.saml.SamlException: org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException<br />
com.liferay.saml.SamlException: org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException<br />
 at com.liferay.saml.profile.WebSsoProfileImpl.sendAuthnRequest(WebSsoProfileImpl.java:188)<br />
 at com.liferay.saml.profile.WebSsoProfileUtil.sendAuthnRequest(WebSsoProfileUtil.java:58)<br />
 at com.liferay.saml.hook.filter.SamlSpSsoFilter.login(SamlSpSsoFilter.java:127)<br />
 at com.liferay.saml.hook.filter.SamlSpSsoFilter.processFilter(SamlSpSsoFilter.java:149)<br />
 at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)<br />
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br />
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)<br />
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br />
 at java.lang.reflect.Method.invoke(Method.java:606)<br />
 at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoaderBeanHandler.java:67)<br />
 at com.sun.proxy.$Proxy1216.doFilter(Unknown Source)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)<br />
 at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)<br />
 at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)<br />
 at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)<br />
 at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)<br />
 at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:57)<br />
 at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)<br />
 at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:119)<br />
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)<br />
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)<br />
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)<br />
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)<br />
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)<br />
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)<br />
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)<br />
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)<br />
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)<br />
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)<br />
 at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)<br />
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)<br />
 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)<br />
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)<br />
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)<br />
 at java.lang.Thread.run(Thread.java:745)<br />
Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException<br />
 at com.liferay.saml.metadata.MetadataManagerImpl.getEntityDescriptor(MetadataManagerImpl.java:180)<br />
 at com.liferay.saml.metadata.MetadataManagerUtil.getEntityDescriptor(MetadataManagerUtil.java:52)<br />
 at com.liferay.saml.profile.BaseProfile.getSamlMessageContext(BaseProfile.java:168)<br />
 at com.liferay.saml.profile.BaseProfile.getSamlMessageContext(BaseProfile.java:222)<br />
 at com.liferay.saml.profile.WebSsoProfileImpl.doSendAuthnRequest(WebSsoProfileImpl.java:625)<br />
 at com.liferay.saml.profile.WebSsoProfileImpl.sendAuthnRequest(WebSsoProfileImpl.java:178)<br />
 ... 47 more<br />
Caused by: java.lang.NullPointerException<br />
 at org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager.getFactory(KeyInfoGeneratorManager.java:77)<br />
 at com.liferay.saml.util.OpenSamlUtil.buildKeyInfo(OpenSamlUtil.java:591)<br />
 at com.liferay.saml.metadata.MetadataGeneratorUtil.buildSpSsoDescriptor(MetadataGeneratorUtil.java:197)<br />
 at com.liferay.saml.metadata.MetadataGeneratorUtil.buildSpEntityDescriptor(MetadataGeneratorUtil.java:153)<br />
 at com.liferay.saml.metadata.MetadataManagerImpl.getEntityDescriptor(MetadataManagerImpl.java:171)<br />
 ... 52 more<br /><br />
<u>So my questions are</u><br /><br />
 1. How can I configure extra parameters like the ones below?<br />
 sp.metadata.file=${liferay.home}/data/metadata/sp-metadata.xml<br />
 keystore.sign.key.alias= aliasname<br />
 idp.metadata.file=${liferay.home}/data/metadata/idp-metadata.xml <br />
 2. If it is not possible, how can I customize the Liferay SAML 2.0 Provider?<br /><br />